Lucene search
GoogleOSV:GHSA-JMW7-PH6P-33CCHistoryMay 14, 2022 - 3:58 a.m.
Exposure of Sensitive Information in Jenkins Core
2022-05-1403:58:15
Google
osv.dev
15
jenkins
csrf
remote attackers
brute-force
security vulnerability
EPSS
0.007
Percentile
80.6%
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
Related
veracode
veracode
Timing Attack
2019-05-02 05:29:28
cvelist
cvelist
CVE-2016-0791
2016-04-07 23:00:00
cve
cve
CVE-2016-0791
2016-04-07 23:59:02
prion
prion
Cross site request forgery (csrf)
2016-04-07 23:59:00
ubuntucve
ubuntucve
CVE-2016-0791
2016-04-07 00:00:00
nvd
nvd
CVE-2016-0791
2016-04-07 23:59:02
github
github
Exposure of Sensitive Information in Jenkins Core
2022-05-14 03:58:15
redhat
redhat
openvas
openvas
Fedora Update for jenkins FEDORA-2016-641
2016-03-18 00:00:00
Fedora Update for jenkins FEDORA-2016-0
2016-03-18 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2016) - Windows
2016-05-20 00:00:00
nessus
nessus
RHEL 7 : jenkins (RHSA-2016:0711)
2018-12-04 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2016-02-24 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: jenkins-remoting-2.53.3-1.fc23
2016-03-17 21:00:40
[SECURITY] Fedora 23 Update: jenkins-1.625.3-3.fc23
2016-03-17 21:00:40
[SECURITY] Fedora 22 Update: jenkins-1.609.3-6.fc22
2016-03-17 21:25:57